CVE-2025-7274 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-7274?

CVE-2025-7274 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:

IrfanView CADImage Plugin

Versions: Versions prior to the fix (specific version unknown from provided data)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires IrfanView with CADImage plugin installed. User interaction needed to open malicious file.

📦 What is this software?

Cadimage by Cadsofttools

View all CVEs affecting Cadimage →

Cadimage by Cadsofttools

View all CVEs affecting Cadimage →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, though data loss from the current session is still possible.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). ZDI advisory suggests detailed technical analysis exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown from provided references

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-525/

Restart Required: Yes

Instructions:

1. Visit IrfanView official website
2. Download latest version with CADImage plugin updates
3. Install update
4. Restart system

🔧 Temporary Workarounds

Disable CADImage Plugin

windows

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to IrfanView plugins directory and remove CADImage.dll

File Association Removal

windows

Remove DWG file association with IrfanView

Control Panel > Default Programs > Set Associations > Remove .dwg from IrfanView

🧯 If You Can't Patch

Restrict user privileges to prevent system-wide compromise
Implement application whitelisting to block IrfanView execution

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About for version and plugin list. If CADImage plugin is present and not latest version, assume vulnerable.

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions from official source.

📡 Detection & Monitoring

Log Indicators:

IrfanView process crashes when opening DWG files
Unexpected child processes spawned from IrfanView

Network Indicators:

Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where Image contains 'irfanview' AND ParentImage NOT IN ('explorer.exe')

📊 Metadata

CVE ID: CVE-2025-7274

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.06% exploit probability (17.1th percentile)

Published: July 21, 2025

Last Updated: July 25, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-25-525/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7274, you might also want to check these: